Plantronics Hub - Privilege Defined With Unsafe Actions
Vulnerability Summary
A local privilege-escalation vulnerability exists in the Plantronics Hub for Windows client application. A local attacker can exploit this vulnerability to gain elevated privileges.
Details
CVE 2019-15742
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
Published
Last Update: 3/7/2022
Initial Public Release: 8/30/2019
Advisory ID: PLYAP19-08
CVE ID: CVE-2019-15742
CVSS Score: 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Product Affected
| PRODUCTS | FIRMWARE | FIX |
|---|---|---|
| Plantronics Hub Desktop Application (Windows) | Prior to 3.14 |
Update Plantronics Hub for Windows version 3.14 or later |
Solution
Poly recommends customers upgrade to firmware build 3.14 or later.
Workaround
There is no workaround.
Contact
Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.
RECOGNITION
Poly would like to thank Markus Krell from NTT Ltd. for reporting security vulnerabilities to us and for their coordinated disclosure.
Revision History
| VERSION | DATE | DESCRIPTION |
|---|---|---|
| 1.0 | 8/30/2019 | Initial Release |
| 2.0 | 3/7/2022 | Format Changes |